Comment 1 for bug 624739

/etc/tomcat6 is only root-writeable by default for security reasons, so that an abuse of the tomcat6 user cannot compromise the whole Tomcat configuration (server.xml, and the users password file). Tomcat6 can write under /etc/tomcat/Catalina/localhost so that autodeployment works.

Your requirement that the tomcat6 user can write in /etc/tomcat6/opencms doesn't come from Tomcat but from OpenCMS. You can change the default protection to suit your particular needs, or use a private instance for OpenCMS (see about tomcat6-user in http://doc.ubuntu.com/ubuntu/serverguide/C/tomcat.html)